08 - 02 - 2016

Cisco AAA (TACACS) configuration on: IOS/NXOS/XR

Below you can find the AAA authentication configuration for the following Cisco devices:

  • Cisco Nexus - NXOS
  • Cisco XR 9002 - IOS XR
  • Cisco Switches - IOS

Sessions like SSH will be authenticated against the remote credentials (TACACS server), but the console will use a local password for emergency access when required. Full AAA will also be activated, which means checking credentials, checking privileges to execute commands, and logging the commands.


Omniswitch 6900 VLAN translation

This is an update to my previous article, VLAN translation on Alcatel, with the configuration created for the OmniSwitch 6900.

VLAN 4050 - The VLAN that exists on the translating switch; to prevent VLAN overlapping it will be translated to VLAN 900.

LINKAGG 100 - The uplink to another switch that has VLAN 4050 configured, but for another dedicated service. Because the VLANs overlap, translation is required.

PORT 1/9 & PORT 1/7 - Trunk ports to a server or other VLAN-aware device (switch/router). Frames are represented as tagged frames with VLAN 900.

HP 6125XLG Virtual Chassis (IRF)

During IRF configuration on HP 6125XLG switches (firmware CMW710-R2422P01), I faced a lot of problems, such as:

  • System errors - sorry, I don't have the output of the error message. I hope I can provide it in the near future.
  • After configuring the devices, the slave switch rebooted, but not into Virtual Chassis membership.

The first issue was caused by SFP+ modules; yes, it can be tricky when you don't use internal interconnect ports. Unplugging all SFP+ modules resolved the problem, but after restarting and applying the configuration, the switch rebooted in standalone mode. To resolve the last problem, the ports on the Master switch have to be disabled, and enabled again after all configs are applied and saved on the slave.


VNC socket with Libvirt incorrect permissions

When you are using libvirt with VNC based on sockets instead of the default TCP listening, and you are not running as root, you can end up in a situation where the socket has incorrect permissions 0775 and qemu:qemu group under the default /var/lib/libvirt/qemu folder. The files have the extension ".vnc" with a suffix based on your virtual machine name and an "=" sign.

Unix sockets are forced by "vnc_auto_unix_socket" in the qemu.conf file, in the /etc/libvirt folder.

The unix_sock_rw_perms and unix_sock_ro_perms parameters from libvirtd.conf had no impact on the VNC socket permissions.


HP 6125XLG Line (SSH/AUX etc.) authentication

I have found it tricky to configure SSH on HP switches integrated in the HP BladeSystem C7000 chassis.

The manuals don't cover all the required steps, so here you will find how to configure the SSH/CONSOLE/AUX lines.


L3VPN on Cisco XR - without MPLS enabled switches

You may find yourself needing to connect two or more L3 devices using L3VPN. The configuration isn't complex, and it will work unless the path between the devices involves non-MPLS-enabled switches. If you connect ASR routers through other devices in the network, it can be tricky. The BGP sessions are not the issue; the MPLS tags are. For L3VPN two labels are required:

  • Outer Label - specifies the outgoing interface to reach the L3VPN-enabled neighbor.
  • Inner Label - provides information about the VRF instance for the neighbor.

The issue I got was the lack of an Outer Label, because the path toward the L3VPN neighbor was not MPLS-enabled. It was simply an 802.1Q subinterface on top of a bundle-interface. The sessions were established, but no traffic was seen on the opposite site.
